If you are accepting credit cards, then you need to ensure that your business not only respects the privacy of your customers' personal information but also has the business processes and security in place to protect that information. To help ensure that these standards are in place across the entire industry, the credit card companies such as Visa and MasterCard have implemented a set of security policies and standards called PCI DSS that are compulsory to abide by if you are accepting credit cards in your online store.
There are two basic parts to the PCI DSS standards:
- Your approach to business
- The security of your online shop and its technology platform
The first part of the standard relates to the business processes you have in place to protect private data - for example, how often you update your passwords, how hard your passwords are to guess, what you do with credit card numbers you write down from phone orders, and having a what-to-do plan in place for a disaster or for data being compromised for any reason. We cannot control this aspect of PCI compliance as it's up to you and your business processes. It's very important that you know, understand and follow these rules, or else you could end up being slammed with an extremely large fine in the event that your data was compromised.
Many businesses will be required to complete a self-assessment questionnaire covering the PCI DSS security standards in order to declare that their business adheres to them.
The second part of the standard is your shop's security. To aid your business in achieving this, at Osc Works we ensure that our ecommerce servers pass a quarterly audit by an independent, authorised security authority, who check the server for a number of potential security vulnerabilities that could compromise credit card data. This means that in any PCI self-assessment questionnaire you can confidently say that your site passes all requirements in the web hosts section.
Over 20,000 security vulnerabilities are checked per quarter and certified as passed by the security authority, Comodo. We chose Comodo as they have a reputation in the industry as being one of the toughest quarterly PCI scans to pass.
Customers requiring a copy of our PCI DSS security compliance certificate can submit a ticket through our support system, and we would be happy to provide an up-to-date certificate at any time for you to provide to your bank.
Another security standard that your website will adhere to is called PA-DSS. This standard relates to the actual payment part of the application. Because Ozcart redirects payment processing to the payment provider, who redirects the customer back to the cart once payment is made, Ozcart websites are classified as "Software as a Service" under the PA-DSS rules. As the actual payment processing is handled by the payment providers and not by your cart, you can confidently say that your business is compliant with this standard.